Occasional Contributor I
Posts: 6
Registered: ‎12-07-2010

Authentication with Windows Server 2008 (AD) as LDAP.

Hi all.

 

I want to set up an Aruba controller and use Active Directory as the LDAP server.
Controller logged "To support this configuration dot1x profile 'ldap' should have termination enabled and eaptype set to eap-tls or eap-peap with gtc as the only innereaptype".
So, termination is enabled on the controller and the EAP type is set to EAP-PEAP and EAP-GTC.

After configuring it, I tried "aaa test-server pap [ldap] [user] [pass]" and the terminal showed "Authentication successful".
However, when I actually tried to connect to the WLAN that uses LDAP authentication, the authentication failed....
I typed the command "show auth-tracebuf", and it showed this...

 

Nov 27 21:13:56 station-up * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - - wpa2 aes
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 eap-term-start -> 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap - -
Nov 27 21:13:56 station-term-start * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX 1 -
Nov 27 21:13:56 station-term-end * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX/ldap 11405 - failure
Nov 27 21:13:56 station-down * 70:1a:04:8f:XX:XX 00:24:6c:d6:XX:XX - -

"eap-term-start" is a failure, and it seems to me that this is the cause of the authentication failure.
The wireless client used MS-CHAPv2, because it can't use EAP-GTC.
If I want to use an LDAP server, MUST the wireless client use EAP-GTC as the auth method?
We use Windows 7 and XP for the wireless clients.

Should I get an EAP-GTC plug-in?

So what may be the solution for this, other than using a RADIUS server?

Guru Elite
Posts: 19,965
Registered: ‎03-29-2007

Re: Authentication with Windows Server 2008 (AD) as LDAP.

You must use EAP-GTC with LDAP if you want to use Encryption.

 

If you don't want to install the EAP-GTC plugin on all your clients, you can use Captive Portal authentication or use WPA2-Preshared key authentication.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 6
Registered: ‎12-07-2010

Re: Authentication with Windows Server 2008 (AD) as LDAP.

Thank you for your reply.

 

muh.... If we use Windows Server as the auth server, we should adopt NPS as the RADIUS server, shouldn't we?

 

Guru Elite
Posts: 19,965
Registered: ‎03-29-2007

Re: Authentication with Windows Server 2008 (AD) as LDAP.

Yes!  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113

Colin Joseph
Aruba Customer Engineering

Occasional Contributor I
Posts: 6
Registered: ‎12-07-2010

Re: Authentication with Windows Server 2008 (AD) as LDAP.

Thank you cjoseph!!

I understood well about the LDAP solution.
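
Added example (not part of the thread, and not Aruba or Microsoft code): a small Python model of why the "aaa test-server pap" check and EAP-GTC work against an LDAP back end while an MS-CHAPv2 client fails, and why a RADIUS server such as NPS does not have that limit. Assumptions: the Directory class, the account and the function names are constructed, and SHA-256/HMAC stand in for the real NT hash and MS-CHAPv2 response calculation.

```python
import hashlib
import hmac
import os

def nt_key(password):
    # Stand-in for the NT hash: the password-equivalent key the directory stores.
    return hashlib.sha256(password.encode("utf-8")).digest()

def chap_response(key, challenge):
    # Stand-in for the MS-CHAPv2 response; the password itself is never sent.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Directory:
    """Constructed account store playing the role of Active Directory."""
    def __init__(self, users):
        self._keys = {user: nt_key(pw) for user, pw in users.items()}

    def ldap_simple_bind(self, user, password):
        # LDAP interface: takes the cleartext password, answers yes or no only.
        key = self._keys.get(user)
        return key is not None and hmac.compare_digest(key, nt_key(password))

    def radius_verify(self, user, challenge, response):
        # RADIUS path (e.g. NPS in the domain): the expected response can be
        # recomputed from the stored key and compared.
        key = self._keys.get(user)
        return key is not None and hmac.compare_digest(
            chap_response(key, challenge), response)

def auth_via_ldap(directory, user, inner_method, credential):
    """EAP terminated on the controller with LDAP as the only back end."""
    if inner_method == "eap-gtc":
        # GTC (like PAP) delivers the password itself, so a bind is possible.
        return directory.ldap_simple_bind(user, credential)
    # MS-CHAPv2 delivers (challenge, response): there is nothing to bind with.
    return False

def demo():
    ad = Directory({"alice": "S3cret!pw"})  # constructed account
    challenge = os.urandom(16)
    response = chap_response(nt_key("S3cret!pw"), challenge)
    return {
        "ldap+gtc": auth_via_ldap(ad, "alice", "eap-gtc", "S3cret!pw"),
        "ldap+mschapv2": auth_via_ldap(ad, "alice", "eap-mschapv2",
                                       (challenge, response)),
        "radius+mschapv2": ad.radius_verify("alice", challenge, response),
    }

if __name__ == "__main__":
    print(demo())
```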
